
Re: Implement Tproxy on Debian squeeze


 



I think what happens is that the document seems to be wrong; the kernel
already has TPROXY compiled in. Look for /boot/config-xxxx and
search for TPROXY; it should say "m".

For the iptables rules, you will need to use the mangle table; there's no
tproxy table anymore.

As such:

iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
         --on-port <proxyport> --tproxy-mark 0x1/0x1


On my machine (Ubuntu 10.04 LTS, Linux fullcenter 2.6.32-37-server
#81-Ubuntu SMP Fri Dec 2 20:49:12 UTC 2011 x86_64 GNU/Linux)
I have TPROXY 4.1.0 included; not sure about Debian.

[5282830.948528] NF_TPROXY: Transparent proxy support initialized, version 4.1.0
[5282830.948533] NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd.


However, I do want to add an additional question: suppose my proxy
machine will be acting as the network gateway to my LAN. Can I
achieve the same effect by simply using

iptables -t mangle -A PREROUTING -p tcp --dport 80 -j DNAT 127.0.0.1:xxxx

??? Why was tproxy needed in the first place?

Thanks.

On Fri, Mar 2, 2012 at 9:33 AM, David Touzeau <david@xxxxxxxxxx> wrote:
>
> There is bad news: backports did not change anything regarding Tproxy.
> Only kernel 3.2x is available on the backports repository.
>
> apt-get install -t squeeze-backports linux-image-3.2.0-0.bpo.1-686-pae
> apt-get install -t squeeze-backports upgrade
> reboot
> my kernel is now
> Linux squid32.localhost.localdomain 3.2.0-0.bpo.1-686-pae #1 SMP Sat Feb 11
> 14:57:20 UTC 2012 i686 GNU/Linux
>
>
>  iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY
> --on-port 80
> WARNING: All config files need .conf: /etc/modprobe.d/fuse, it will be
> ignored in a future release.
> iptables v1.4.8: can't initialize iptables table `tproxy': Table does not
> exist (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded
>
> grep -i iptables /boot/config-`uname -r`
> CONFIG_IP_NF_IPTABLES=m
> CONFIG_IP6_NF_IPTABLES=m
> # iptables trigger is under Netfilter config (LED target)
>
> SNIF, SNIF
>
>
> On 02/03/2012 17:03, David Touzeau wrote:
>
>> iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j
>> TPROXY --on-port 80
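
The kernel-config check suggested in the reply above, as an added example that is not part of the original thread: it looks up the TPROXY target and the mangle table in a config file, which a grep for "iptables" does not show. The function names are hypothetical, the sample config is constructed, and the socket-match symbol is an extra option the thread does not mention.

```shell
#!/bin/sh
# Added example, not from the thread: check a kernel config for the options
# behind "-t mangle ... -j TPROXY". Symbol names are upstream Kconfig names.

# kconfig_state FILE SYMBOL: print y, m, or n (n = "is not set" or absent).
kconfig_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    printf '%s\n' "${val:-n}"
}

# tproxy_report FILE: print SYMBOL=state for each option. Returns 0 when the
# TPROXY target and the mangle table are both y or m, 1 when one is missing,
# 2 when FILE is unreadable. The socket match is reported but not required.
tproxy_report() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg" >&2
        return 2
    fi
    rc=0
    for sym in CONFIG_NETFILTER_XT_TARGET_TPROXY CONFIG_IP_NF_MANGLE; do
        st=$(kconfig_state "$cfg" "$sym")
        echo "$sym=$st"
        if [ "$st" = n ]; then rc=1; fi
    done
    echo "CONFIG_NETFILTER_XT_MATCH_SOCKET=$(kconfig_state "$cfg" CONFIG_NETFILTER_XT_MATCH_SOCKET)"
    return "$rc"
}

# Constructed sample config fragment (not taken from any machine in the thread).
sample_config() {
    cat <<'EOF'
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MANGLE=m
CONFIG_NETFILTER_XT_TARGET_TPROXY=m
# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
EOF
}

# Demo on the sample; on a real host pass /boot/config-$(uname -r) instead.
demo_cfg=$(mktemp)
sample_config > "$demo_cfg"
tproxy_report "$demo_cfg" || echo "TPROXY prerequisites missing"
rm -f "$demo_cfg"
```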


